Smousie

I use two laptops at home, both of which seem to have acquired different viruses. I'm trying to fix the least seriously infected one first, so at least I have one usable machine while I attempt to fix the other. My Gmail and Facebook etc were hacked last week, which is when I installed Norton and discovered these viruses. My admin passwords and my router password were all the same as the hacked Gmail password (all passwords have now been changed). Norton tells me that laptop #1 has a severe tracking virus which is sending information back to the internet and hijacking my browser, so I've taken that one offline and I'm attempting to fix laptop #2 because it seems less serious.

Laptop #2 is running very slowly despite the fact I have already reinstalled Windows XP from the recovery partition and followed the various steps suggested in this forum (defrag and chkdsk etc). IE in particular runs very slowly and frequently hangs, particularly when I'm trying to access Gmail, and I have to close the program and try again. I have run Norton, Spyware Doctor, Spybot and CCleaner, but they found and removed nothing but tracking cookies. Disk space was running low, but I think it was because Norton was repeatedly backing up files every time I ran it; I have now fixed this.

Below is the DDS log for laptop #2. Other files are in the attached zip folder. Thanks in advance for any advice anyone can offer.


DDS (Ver_09-03-16.01) - NTFSx86
Run by KM at 14:56:25.04 on 22/04/2009
Internet Explorer: 7.0.5730.13
Microsoft Windows XP Home Edition 5.1.2600.3.1252.44.1033.18.1014.243 [GMT 1:00]

AV: Norton 360 *On-access scanning enabled* (Updated)
FW: Norton 360 *enabled*

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Common Files\Symantec Shared\ccProxy.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Virgin Broadband Wireless\AffinegyService.exe
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\WinPcap\rpcapd.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\USBDeviceService.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Sonic\DigitalMedia Plus v7\MyDVD Plus\DetectorApp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\hpq\HP Wireless Assistant\HP Wireless Assistant.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Virgin Broadband Wireless\Wireless Manager.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Virgin Broadband Wireless\ndis_events.exe
C:\PROGRA~1\HPQ\SHARED\HPQTOA~1.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
C:\PROGRA~1\COMMON~1\SYMANT~1\CCPD-LC\symlcsvc.exe
C:\Program Files\Virgin Broadband Wireless\wpa_supplicant.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Spybot - Search & Destroy\SpybotSD.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Documents and Settings\KM.OLD_LAPTOP\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.co.uk/
uInternet Connection Wizard,ShellNext = hxxp://allyours.virginmedia.com/wbbadditional
BHO: AcroIEHlprObj Class: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 6.0\reader\activex\AcroIEHelper.dll
BHO: NCO 2.0 IE BHO: {602adb0e-4aff-4217-8aa1-95dac4dfa408} - c:\program files\common files\symantec shared\coshared\browser\2.6\coIEPlg.dll
BHO: Symantec Intrusion Prevention: {6d53ec84-6aae-4787-aeee-f4628f01010c} - c:\progra~1\common~1\symant~1\ids\IPSBHO.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar1.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar1.dll
TB: Show Norton Toolbar: {7febefe3-6b19-4349-98d2-ffb09d4b49ca} - c:\program files\common files\symantec shared\coshared\browser\2.6\CoIEPlg.dll
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [igfxtray] c:\windows\system32\igfxtray.exe
mRun: [igfxhkcmd] c:\windows\system32\hkcmd.exe
mRun: [igfxpers] c:\windows\system32\igfxpers.exe
mRun: [High Definition Audio Property Page Shortcut] CHDAudPropShortcut.exe
mRun: [DetectorApp] c:\program files\sonic\digitalmedia plus v7\mydvd plus\DetectorApp.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [hpWirelessAssistant] c:\program files\hpq\hp wireless assistant\HP Wireless Assistant.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [RecGuard] c:\windows\sminst\RecGuard.exe
mRun: [Reminder] c:\windows\creator\Remind_XP.exe
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [Wireless Manager] "c:\program files\virgin broadband wireless\Wireless Manager.exe" startup
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [osCheck] "c:\program files\norton 360\osCheck.exe"
mRun: [ISTray] "c:\program files\spyware doctor\pctsTray.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
StartupFolder: c:\documents and settings\all users\start menu\programs\startup\HP Photosmart Premier Fast Start.lnk.disabled
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxdev.dll

============= SERVICES / DRIVERS ===============

R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-4-10 130424]
R2 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 ccProxy;Symantec Network Proxy;c:\program files\common files\symantec shared\ccProxy.exe [2008-2-18 214888]
R2 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\CCSVCHST.EXE [2008-2-18 149352]
R2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-4-10 32512]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2009-4-19 101936]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090421.054\NAVENG.SYS [2009-4-22 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090421.054\NAVEX15.SYS [2009-4-22 876144]
S3 COH_Mon;COH_Mon;c:\windows\system32\drivers\COH_Mon.sys [2008-1-13 23888]

=============== Created Last 30 ================

2009-04-22 14:57 0 a------- c:\windows\system32\dllcache\SETD4E.tmp
2009-04-22 14:57 154,496 a------- c:\windows\system32\dllcache\icam4usb.sys
2009-04-22 14:57 61,952 a------- c:\windows\system32\dllcache\icam4ext.dll
2009-04-22 14:57 91,136 a------- c:\windows\system32\dllcache\icam4com.dll
2009-04-22 14:55 115,807 a------- c:\windows\system32\dllcache\hsf_fsks.sys
2009-04-22 14:54 119,296 a------- c:\windows\system32\dllcache\hpdigwia.dll
2009-04-22 14:53 444,416 a------- c:\windows\system32\dllcache\fpcibase.sys
2009-04-22 14:52 37,120 a------- c:\windows\system32\dllcache\es1370mp.sys
2009-04-22 14:51 20,192 a------- c:\windows\system32\dllcache\dpti2o.sys
2009-04-22 14:50 86,016 a------- c:\windows\system32\dllcache\dc240usd.dll
2009-04-22 14:49 42,112 a------- c:\windows\system32\dllcache\crtaud.sys
2009-04-22 14:48 314,752 a------- c:\windows\system32\dllcache\camdro21.sys
2009-04-22 14:47 66,557 a------- c:\windows\system32\dllcache\bcm42u.sys
2009-04-22 14:46 66,048 a------- c:\windows\system32\dllcache\s3legacy.dll
2009-04-22 14:46 2,189,056 a------- c:\windows\system32\dllcache\OLDA24.tmp
2009-04-22 14:36 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Spybot - Search & Destroy
2009-04-22 14:36 <DIR> --d----- c:\program files\Spybot - Search & Destroy
2009-04-22 10:38 <DIR> --d----- c:\program files\Trend Micro
2009-04-19 12:43 <DIR> --dsh--- C:\found.000
2009-04-15 10:00 284,160 -------- c:\windows\system32\dllcache\pdh.dll
2009-04-15 10:00 401,408 -------- c:\windows\system32\dllcache\rpcss.dll
2009-04-15 10:00 110,592 -------- c:\windows\system32\dllcache\services.exe
2009-04-15 10:00 35,328 -------- c:\windows\system32\dllcache\sc.exe
2009-04-15 10:00 453,120 -------- c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 10:00 227,840 -------- c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 09:58 2,560 -------- c:\windows\system32\xpsp4res.dll
2009-04-15 09:58 215,552 -------- c:\windows\system32\dllcache\wordpad.exe
2009-04-11 06:55 <DIR> --d----- c:\windows\system32\scripting
2009-04-11 06:55 <DIR> --d----- c:\windows\system32\en
2009-04-11 06:55 <DIR> --d----- c:\windows\system32\bits
2009-04-11 00:27 <DIR> --d----- C:\NSS
2009-04-10 22:46 159,600 a------- c:\windows\system32\drivers\pctgntdi.sys
2009-04-10 22:46 130,424 a------- c:\windows\system32\drivers\PCTCore.sys
2009-04-10 22:46 73,840 a------- c:\windows\system32\drivers\PCTAppEvent.sys
2009-04-10 22:45 64,392 a------- c:\windows\system32\drivers\pctplsg.sys
2009-04-10 22:45 <DIR> --d----- c:\docume~1\km~1.old\applic~1\PC Tools
2009-04-10 22:38 <DIR> --d----- c:\program files\CCleaner
2009-04-10 17:03 276,992 -------- c:\windows\system32\wmphoto.dll
2009-04-10 17:03 69,120 -------- c:\windows\system32\wlanapi.dll
2009-04-10 17:03 346,112 -------- c:\windows\system32\windowscodecsext.dll
2009-04-10 17:03 712,704 -------- c:\windows\system32\windowscodecs.dll
2009-04-10 17:01 1,261 -------- c:\windows\system32\pid.inf
2009-04-10 16:45 56 a---h--- c:\windows\system32\ezsidmv.dat
2009-04-10 11:12 410,984 a------- c:\windows\system32\deploytk.dll
2009-04-10 11:12 73,728 a------- c:\windows\system32\javacpl.cpl
2009-04-10 11:07 8,461,312 -------- c:\windows\system32\dllcache\shell32.dll
2009-04-10 10:54 2,189,056 a------- c:\windows\system32\dllcache\ntoskrnl.exe
2009-04-10 10:54 2,023,936 -------- c:\windows\system32\dllcache\ntkrpamp.exe
2009-04-10 10:54 2,066,048 -------- c:\windows\system32\dllcache\ntkrnlpa.exe
2009-04-10 10:49 203,136 -------- c:\windows\system32\dllcache\rmcast.sys
2009-04-10 10:49 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2009-04-10 10:47 333,952 -------- c:\windows\system32\dllcache\srv.sys
2009-04-10 10:47 272,128 a------- c:\windows\system32\dllcache\bthport.sys
2009-04-10 10:47 272,128 -------- c:\windows\system32\drivers\bthport.sys
2009-04-10 10:47 691,712 -------- c:\windows\system32\dllcache\inetcomm.dll
2009-04-10 10:45 1,106,944 -------- c:\windows\system32\dllcache\msxml3.dll
2009-04-10 10:39 <DIR> --d----- c:\windows\system32\PreInstall
2009-04-10 09:52 <DIR> --d----- c:\program files\Norton 360
2009-04-10 09:51 124,464 a------- c:\windows\system32\drivers\SYMEVENT.SYS
2009-04-10 09:51 60,808 a------- c:\windows\system32\S32EVNT1.DLL
2009-04-10 09:51 10,635 a------- c:\windows\system32\drivers\SYMEVENT.CAT
2009-04-10 09:51 806 a------- c:\windows\system32\drivers\SYMEVENT.INF
2009-04-10 09:51 <DIR> --d----- c:\program files\Symantec
2009-04-10 08:40 459,264 -------- c:\windows\system32\dllcache\msfeeds.dll
2009-04-10 08:40 52,224 -------- c:\windows\system32\dllcache\msfeedsbs.dll
2009-04-10 08:40 383,488 -------- c:\windows\system32\dllcache\ieapfltr.dll
2009-04-10 08:40 268,288 -------- c:\windows\system32\dllcache\iertutil.dll
2009-04-10 08:40 63,488 -------- c:\windows\system32\dllcache\icardie.dll
2009-04-10 08:40 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2009-04-10 08:40 2,455,488 -------- c:\windows\system32\dllcache\ieapfltr.dat
2009-04-10 08:40 991,232 -------- c:\windows\system32\dllcache\ieframe.dll.mui
2009-04-10 08:40 6,066,176 -------- c:\windows\system32\dllcache\ieframe.dll
2009-04-10 08:25 <DIR> --dsh--- c:\documents and settings\km.old_laptop\UserData
2009-04-10 08:22 <DIR> --d----- c:\windows\system32\SoftwareDistribution
2009-04-10 08:21 <DIR> --d----- c:\docume~1\km~1.old\applic~1\Affinegy
2009-04-10 08:19 233,472 a------- c:\windows\system32\wpcap.dll
2009-04-10 08:19 81,920 a------- c:\windows\system32\packet.dll
2009-04-10 08:19 61,440 a------- c:\windows\system32\wanpacket.dll
2009-04-10 08:19 53,299 a------- c:\windows\system32\pthreadVC.dll
2009-04-10 08:19 32,512 a------- c:\windows\system32\drivers\npf.sys
2009-04-10 08:19 27,072 a------- c:\windows\system32\drivers\AFGSp50.sys
2009-04-10 08:15 221,184 a------- c:\windows\system32\wmpns.dll
2009-04-10 08:14 1,783 a--shr-- c:\windows\system32\drivers\103C_HP_NTBK_HP Pavilion dv1000 (RB650EA#ABU)_YN_0Pavi_QCNF6240GX0_E396559032_46_I30A0_SQuanta_V55.10_BF.11_T060410_WXH2_L409_M1015_J80_7Intel_8T2300_91.66_#060412_N80861092_(RB650EA#ABU)_XMOBILE_CN10_Z_2Rev 1.MRK
2009-04-10 08:14 <DIR> --d----- c:\docume~1\km~1.old\applic~1\Symantec
2009-04-10 08:14 <DIR> --d----- c:\documents and settings\KM.OLD_LAPTOP
2009-04-09 21:23 <DIR> --d----- c:\documents and settings\all users\Symantec Temporary Files
2009-04-09 13:47 <DIR> --d----- c:\docume~1\alluse~1\applic~1\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-04-09 11:54 <DIR> --d----- c:\program files\common files\PC Tools
2009-04-09 11:54 <DIR> --d----- c:\program files\Spyware Doctor
2009-04-09 11:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\PC Tools
2009-04-09 11:48 <DIR> --d----- c:\program files\Norton Security Scan
2009-03-31 03:21 <DIR> --d----- c:\program files\World of Warcraft
2009-03-31 03:21 <DIR> --d----- c:\program files\common files\Blizzard Entertainment
2009-03-31 01:12 <DIR> --d----- c:\program files\World of Warcraft.529c9b5a.temp
2009-03-31 01:12 <DIR> --d----- c:\program files\common files\Blizzard Entertainment.56fab8eb.temp
2009-03-30 03:01 <DIR> --d----- c:\program files\MSXML 4.0
2009-03-29 19:53 <DIR> --d----- c:\program files\World of Warcraft.temp
2009-03-29 19:53 <DIR> --d----- c:\program files\common files\Blizzard Entertainment.temp
2009-03-29 19:53 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Blizzard
2009-03-29 19:47 <DIR> --d----- c:\program files\World of Warcraft Trial

==================== Find3M ====================

2009-04-11 07:00 83,471 a------- c:\windows\pchealth\helpctr\offlinecache\index.dat
2009-03-21 15:06 989,696 a------- c:\windows\system32\dllcache\kernel32.dll
2009-03-06 15:22 284,160 a------- c:\windows\system32\pdh.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\wininet.dll
2009-03-03 01:18 826,368 a------- c:\windows\system32\dllcache\wininet.dll
2009-02-28 05:54 636,072 -------- c:\windows\system32\dllcache\iexplore.exe
2009-02-20 11:20 70,656 a------- c:\windows\system32\dllcache\ie4uinit.exe
2009-02-20 06:14 161,792 a------- c:\windows\system32\dllcache\ieakui.dll
2009-02-19 14:03 579,464 a------- c:\windows\system32\SymNeti.dll
2009-02-19 14:03 207,240 a------- c:\windows\system32\SymRedir.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\lsasrv.dll
2009-02-09 13:10 729,088 a------- c:\windows\system32\dllcache\lsasrv.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\ntdll.dll
2009-02-09 13:10 714,752 a------- c:\windows\system32\dllcache\ntdll.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\dllcache\advapi32.dll
2009-02-09 13:10 617,472 a------- c:\windows\system32\advapi32.dll
2009-02-09 13:10 473,600 a------- c:\windows\system32\dllcache\fastprox.dll
2009-02-09 13:10 401,408 a------- c:\windows\system32\rpcss.dll
2009-02-09 12:13 1,846,784 a------- c:\windows\system32\win32k.sys
2009-02-09 12:13 1,846,784 -------- c:\windows\system32\dllcache\win32k.sys
2009-02-06 12:11 110,592 a------- c:\windows\system32\services.exe
2009-02-06 12:06 2,145,280 a------- c:\windows\system32\ntoskrnl.exe
2009-02-06 12:06 2,145,280 a------- c:\windows\system32\dllcache\ntkrnlmp.exe
2009-02-06 11:39 35,328 a------- c:\windows\system32\sc.exe
2009-02-06 11:32 2,023,936 a------- c:\windows\system32\ntkrnlpa.exe
2009-02-03 20:59 56,832 a------- c:\windows\system32\secur32.dll
2009-02-03 20:59 56,832 -------- c:\windows\system32\dllcache\secur32.dll

============= FINISH: 14:58:18.90 ===============

Attached Files

Attach.zip (4.3 KB, 2 views)

Smousie

Bump after three days please:)

I may have found another issue - I tried to access the valid site hxxp://www.empirecinemas.co.uk and I missed the S off the end and got sent to hxxp://searchportal.information.com which looks to be a very dodgy site.

This happens in both Firefox and IE. I was thinking that it might be a virus redirecting me, but it does not happen every single time I misspell a domain name, it only happens in this one case from what I can see, so maybe those people actually own that domain?

Apart from that, my laptop seems to be running ok now, although I'd be grateful if someone could briefly look at the logs I posted above just to confirm that they look clean. Thanks in advance.

Smousie

Bump again please - should I re-post a new scan, as my initial post was over a week ago?